b7cf35cfbbf7f1cc873fc9f9b2a25e52_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b7cf35cfbbf7f1cc873fc9f9b2a25e52_JaffaCakes118
Size

1.9MB
MD5

b7cf35cfbbf7f1cc873fc9f9b2a25e52
SHA1

a5a08a593685ec597365cfb918c6b0423e16469a
SHA256

4982fda5f00a5a48bd80e5e2f3afcbada205679344af50396d7ae669ccf13775
SHA512

c9d67fd5fbd6756f9877d6322224b80a6d8797714aef419cad628bf693e4ea451aaa29eec76c35b1ae09e4c16ca22177333b31983459d47fac39b5562625408a
SSDEEP

49152:3KTi3l3rYsYzS5iOZxNWsPU+/+ToTStp6YYTUA:3gi3l3kzS4OZ/WsPU+/+ESvG5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b7cf35cfbbf7f1cc873fc9f9b2a25e52_JaffaCakes118

Files

b7cf35cfbbf7f1cc873fc9f9b2a25e52_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c875baed39750d1e874ad7325c60f893

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddAtomA
Beep
CloseHandle
CreateEventA
CreateSemaphoreA
CreateToolhelp32Snapshot
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FileTimeToSystemTime
FindAtomA
GetAtomNameA
GetCurrentProcess
GetCurrentProcessId
GetLastError
GetProcessTimes
GlobalMemoryStatus
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsBadReadPtr
LeaveCriticalSection
Process32First
Process32Next
ReleaseSemaphore
SetEvent
SetLastError
SetUnhandledExceptionFilter
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VirtualQuery
WaitForSingleObject

msvcrt

_fdopen
_itoa
_read
_strdup
_write
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_atoi64
_beginthread
_cexit
_ctype
_errno
_filelengthi64
_fstati64
_ftime
_i64toa
_iob
_isctype
_lseeki64
_onexit
_pctype
_setmode
_stricmp
_strnicmp
_vsnprintf
abort
atexit
atoi
atol
ceil
ctime
exit
fclose
fflush
fgetc
fgetpos
floor
fopen
fprintf
fputs
fread
free
fseek
fsetpos
ftell
fwrite
getc
getenv
isdigit
ispunct
isspace
localeconv
localtime
malloc
memchr
memcpy
memmove
memset
mktime
pow
printf
putc
rand
realloc
setlocale
setvbuf
signal
srand
strcmp
strcoll
strcpy
strftime
strlen
strtod
strtol
strxfrm
system
time
tolower
toupper
ungetc

wsock32

WSACleanup
WSAGetLastError
WSAStartup
accept
bind
closesocket
gethostbyname
gethostname
getpeername
htonl
htons
inet_addr
ioctlsocket
listen
recv
select
send
socket

libxml2

xmlAddChild
xmlDocDumpMemory
xmlDocGetRootElement
xmlDocSetRootElement
xmlFree
xmlFreeDoc
xmlGetProp
xmlMutexLock
xmlMutexUnlock
xmlNewChild
xmlNewDoc
xmlNewDocNode
xmlNewMutex
xmlNewNode
xmlNewProp
xmlNewTextChild
xmlParseFile
xmlSaveFile
xmlSaveFormatFileEnc
xmlSetProp
xmlStrcmp
xmlSubstituteEntitiesDefault

lua

lua_close
lua_getstack
lua_gettable
lua_insert
lua_isnumber
lua_isstring
lua_newtable
lua_next
lua_open
lua_pcall
lua_pushboolean
lua_pushcclosure
lua_pushnil
lua_pushnumber
lua_pushstring
lua_settable
lua_settop
lua_strlen
lua_toboolean
lua_tonumber
lua_tostring

lualib

lua_dofile
luaopen_base
luaopen_io
luaopen_loadlib
luaopen_math
luaopen_string

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 22KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c875baed39750d1e874ad7325c60f893

Headers

File Characteristics

Imports

kernel32

msvcrt

wsock32

libxml2

lua

lualib

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.data Size: 3KB - Virtual size: 3KB

.rdata Size: 74KB - Virtual size: 74KB

.bss Size: - Virtual size: 22KB

.idata Size: 5KB - Virtual size: 5KB

.rsrc Size: 10KB - Virtual size: 10KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 3KB - Virtual size: 3KB

.rdata
Size: 74KB - Virtual size: 74KB

.bss
Size: - Virtual size: 22KB

.idata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 10KB - Virtual size: 10KB